Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 278

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in the database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    // Read the stored extra-field content for this post straight from ^postmetas
    $postidz = $q_item['raw']['postid'];
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // Output as-is: the stored content is not escaped, so any script saved in it runs
    $this->output('My info:'.$extra);
}

Here's the result:

[screenshot: test]

I hope you'll get my point.
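An added example, not code from the original post or from Question2Answer: the unsafe output beside an escaped version, using a constructed stored value instead of a database read so it runs stand-alone under `php`. The helper names and the `qa_html()` call in the comment are assumptions about the theme layout.

```php
<?php
// Added example (not from the original post or the Q2A project): the same
// theme output in its unsafe form beside a hardened one, with a constructed
// stored value standing in for the ^postmetas read so it runs stand-alone.

// Constructed sample of what a user could have saved into the extra field.
const SAMPLE_EXTRA = 'hello <script>alert(1)</script>';

// Unsafe: the stored string is dropped into the page as-is, which is exactly
// what the $this->output('My info:'.$extra) line in the post does.
function render_extra_unsafe(string $extra): string
{
    return 'My info:' . $extra;
}

// Hardened: escape before output. In a Q2A theme you would call qa_html($extra);
// htmlspecialchars() with these flags is the equivalent in plain PHP.
function render_extra_safe(string $extra): string
{
    $escaped = htmlspecialchars($extra, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return 'My info:' . $escaped;
}

// Simple check a reviewer can run over theme output: does any raw tag survive?
function contains_raw_tag(string $html): bool
{
    return (bool) preg_match('/<\s*\/?\s*[a-z]/i', $html);
}

// Inside a theme class the hardened method would look like this (assumed
// layout, mirroring the post's q_item_extra):
//   public function q_item_extra($q_item)
//   {
//       $extra = qa_db_read_one_value(qa_db_query_sub(
//           'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
//           $q_item['raw']['postid']
//       ), true);
//       $this->output('My info:' . qa_html($extra));
//   }

$unsafe = render_extra_unsafe(SAMPLE_EXTRA);
$safe   = render_extra_safe(SAMPLE_EXTRA);

printf("unsafe: %s\n  raw tag present: %s\n", $unsafe, contains_raw_tag($unsafe) ? 'yes' : 'no');
printf("safe:   %s\n  raw tag present: %s\n", $safe, contains_raw_tag($safe) ? 'yes' : 'no');
```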
